Protecting Controlled Unclassified Information
Controlled Unclassified Information (CUI) Overview
CUI is information that requires safeguarding or dissemination
controls pursuant to and consistent with applicable law, regulations,
and government-wide policies, but is not classified under Executive
Order 13526 or the Atomic Energy Act, as amended.
More Information
ISOO 2016 CUI Notice And Implementation Guidance
CUI Oversight
On November 4, 2010, the President signed Executive Order 13556,
“Controlled Unclassified Information” (the Order). The Order established
a program to standardize the way the executive branch handles unclassified
information that requires protection in accordance with law, regulation,
and/or Government-wide policy. The Order designated the National
Archives and Records Administration (NARA) as the CUI Executive Agent to
implement that program. NARA designated the Director of the
Information Security Oversight Office (ISOO), a NARA component, to
exercise these responsibilities on its behalf.
Below are various resources to assist you with developing, implementing
and managing a Controlled Unclassified Information Protection Program.
ISOO CUI GUIDANCE AND RESOURCES
CUI Policy And Guidance
https://www.archives.gov/cui/registry/policy-guidance
ISOO Presentation CUI Overview - June 2018
Key Elements Of The CUI Program
https://www.archives.gov/cui/key-elements.html
CUI FAQs
https://www.archives.gov/cui/faqs.html
CUI Registry - What Is Considered CUI?
https://www.archives.gov/cui/registry/category-list
CUI Marking Handbook
https://www.archives.gov/files/cui/20161206-cui-marking-handbook-v1-1.pdf
Other CUI Marking Resources
CUI Marking Trifold Brochure
CUI Audio, Photography And Video Markings Brochure
CUI Destruction Label
https://www.archives.gov/cui/additional-tools
CUI Cover Sheets
https://www.archives.gov/files/cui/documents/20170608-cui-coversheet-of-901.pdf
CUI Program Blog (Subscribe For The Latest News)
https://isoo.blogs.archives.gov
CUI SECURITY CONTROL REQUIREMENTS
NIST SP 800-171 focuses on protecting the confidentiality of
Controlled Unclassified Information (CUI) in nonfederal systems and
organizations, and recommends specific security requirements to achieve
that objective. The requirements recommended for use in SP 800-171 are
derived from FIPS Publication 200 and the moderate security control
baseline in NIST Special Publication 800-53 and are based on the CUI
regulation (32 CFR Part 2002, Controlled Unclassified Information).
NIST SP 800-171: Protecting Controlled Unclassified Information In
Nonfederal Systems And Organizations
NIST SP 800-171 Security Controls Assessment Questionnaire
NIST SP 800-171 Security Controls Implementation Status Worksheet
CUI TRAINING
ISOO CUI Training
Protecting CUI In Nonfederal Systems And Organization NIST SP 171 (CSIAC
Webinar)
DFARS RULES GOVERNING CONTROLLED TECHNICAL INFORMATION / CUI FOR THE DOD
DoD Briefing: Protecting DoD’s Unclassified Information (DFARS
252.204-7012)
DoD Memo: Implementation Of DFARS 252.204-7012 - Safeguarding Covered
Defense Information And Cyber Incident Reporting
DoD Manual 5200.01 - Volume 4: DoD Information Security Program -
Controlled Unclassified Information
Cybersecurity In DoD Acquisition Regulations
PROTECTING CUI BEYOND COMPLIANCE REQUIREMENTS
Visual Hacking Is Highly Successful At Getting Sensitive Data
Protecting CUI Beyond Compliance Requirements - Simple Techniques For
Data Theft
Combating The Insider Threat To Information Systems And Networks
Best Practices for Protecting Your Data When Employees Leave Your
Company
PROTECTING SENSITIVE INFORMATION
DHS Handbook For Safeguarding Sensitive Personally Identifiable
Information
Data Lifecycle Security Overview - Protecting Data From Creation Till
Destruction
DATA BREACH RESPONSE GUIDANCE
Experian - Data Breach Response Guide
LifeLock - Best Practices For Handling A Data Breach
Data Breach Response Checklist
EMPLOYEE HIRING / BACKGROUND CHECKS / SEPARATION
Employee Hiring / Separation / Background Investigations
The Safe Hiring Manual (2017 Edition-By Attorney Lester Rosen)
Online Safe Hiring Certification Training Course (By Attorney Lester
Rosen)
Background Checks - Common Ways Prospective Or Current Employees Sue
Employers Under The FCRA
Ten Potential Dangers When Using Social Media Background Checks
Supervisors Guide To Employee Separation
EMPLOYEE CONTINUOUS EVALUATION AND REPORTING
Continuous Screening of Employees Will Gain More Acceptance as Critical
Post-Hire Due Diligence Tool
Endera EBook: 5 Reasons Background Screenings Are Obsolete
Endera Employee Continuous Monitoring Service Overview
Endera Employee Continuous Monitoring Service (Free Demo)
CLEAR Online Investigative Platform Investigation By Thomson Reuters
IDI Employee Risk Management-Investigation Solutions
TLOXP Employee Risk Management-Investigation Solutions By Transunion